Check CSP for inline event handlers (#36510)

This also ensures that document now reports all violations and we set
the correct directive.

With these changes, all `script-src-attr-elem` WPT tests pass.

Part of #36437 

Requires servo/rust-content-security-policy#3 to land first

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini

@@ -1,3 +0,0 @@
-[injected-inline-script-blocked.sub.html]
-  [Expecting logs: ["violated-directive=script-src-elem","blocked-uri=inline"\]]
-    expected: FAIL

tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini

@@ -1,7 +0,0 @@
-[script-src-1_1.html]
-  expected: TIMEOUT
-  [Inline event handler]
-    expected: FAIL
-
-  [Should fire policy violation events]
-    expected: NOTRUN

tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini

@@ -1,7 +0,0 @@
-[script-src-1_2.html]
-  expected: TIMEOUT
-  [Inline event handler]
-    expected: FAIL
-
-  [Should fire policy violation events]
-    expected: NOTRUN

tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini

@@ -1,4 +0,0 @@
-[script-src-1_2_1.html]
-  expected: TIMEOUT
-  [Test that securitypolicyviolation event is fired]
-    expected: NOTRUN

tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini

@@ -1,4 +1,3 @@
 [script-src-strict_dynamic_double_policy_different_nonce.html]
-  expected: TIMEOUT
   [Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.]
-    expected: TIMEOUT
+    expected: FAIL

tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini

@@ -1,4 +1,3 @@
 [script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html]
-  expected: TIMEOUT
   [Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy.]
-    expected: TIMEOUT
+    expected: FAIL

tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini

@@ -1,5 +1,5 @@
 [script-src-strict_dynamic_meta_tag.html]
-  expected: TIMEOUT
+  expected: ERROR
   [Script injected via `appendChild` populated via `textContent` is allowed with `strict-dynamic`.]
     expected: TIMEOUT
 

tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini

@@ -1,5 +1,5 @@
 [script-src-strict_dynamic_non_parser_inserted.html]
-  expected: TIMEOUT
+  expected: ERROR
   [Script injected via `appendChild` populated via `textContent` is allowed with `strict-dynamic`.]
     expected: TIMEOUT
 

tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini

@@ -1,4 +0,0 @@
-[script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
-  expected: TIMEOUT
-  [All the expected CSP violation reports have been fired.]
-    expected: TIMEOUT

tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini

@@ -1,4 +0,0 @@
-[scripthash-unicode-normalization.sub.html]
-  expected: TIMEOUT
-  [Should fire securitypolicyviolation]
-    expected: NOTRUN

tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini

@@ -1,4 +0,0 @@
-[scriptnonce-and-scripthash.sub.html]
-  expected: TIMEOUT
-  [Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"\]]
-    expected: TIMEOUT

tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini

@@ -1,4 +0,0 @@
-[scriptnonce-ignore-unsafeinline.sub.html]
-  expected: TIMEOUT
-  [Expecting alerts: ["PASS (1/2)","PASS (2/2)", "violated-directive=script-src-elem"\]]
-    expected: TIMEOUT